Cory Robson wrote: > Does anyone have a list of attributes I can log on failed attempts and the > structure for the SQL statement.
No, because the list of attributes depends on what the NAS sends, and on your local configuration. Some modules add Module-Message, but not all do. > Eg %{reply:Reply-Message} quite often gives me "=5Cr=5CnYou are already > logged in - access denied=5Cr=5Cn=5Cn" whereas I obviously only need the > statement you are already logged in. > > I assume that an attribute followed by :- means to place what follows in the > event of no data provided. Yes. See doc/variables.txt > Looking for lots of clarification here. > > > postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, > date, callingid) values ('', '%{User-Name}', > '%{User-Password:-Chap-Password}', '%{reply:Reply-Message}', NOW(), > '%{Calling-Station-Id}')" Failed authentications are logged to radius.log. See rad_authlog() in src/main/auth.c for what it logs, and what may be available. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html